> Office was considered a very solid product for many generations.
When was that? My introduction to Excel was in the 1990s when a scientist asked about data corruption, and my response was "oh, yeah, Excel does that, you need to fiddle with these options and hope the options do not get turned off, seeing as companies may randomly screw over user preferences". The look in their eyes...they probably had done a whole bunch of data entry before they even noticed the corruption. Anyways, a few decades later those genomes got renamed, for some reason or another. Other customers came to me and pleaded, please do not install Word 6, it's bad, and I was like, well, be that as it may, but Microsoft has broken the file format, again, so if someone sends you a Word 6 document you will not be able to read it. They've got you over the barrel, perhaps consider not using their software? Unless you like being chained to that main-mast, of course, don't shame the kink! Later on a coworker said, try Visio, and I was like, this is sort of bad, and they were like, yeah, it was better before Microsoft bought it. So, when was Microsoft not producing kusogeware? Sometime during the semi-mythical 80s, perhaps?
Attacks employing invisible characters are not a new thing. Prior efforts here include terminal escape sequences, possibly hidden with CSS that if blindly copied and pasted would execute who knows what if the particular terminal allowed escape sequences to do too much (a common feature of featuritis) or the terminal had errors in its invisible character parsing code.
For data or code hiding the Acme::Bleach Perl module is an old example though by no means the oldest example of such. This is largely irrelevant given how relevant not learning from history is for most.
Invisible characters may also cause hard to debug issues, such as lpr(1) not working for a user, who turned out to have a control character hiding in their .cshrc. Such things as hex viewers and OCD levels of attention to detail are suggested.
Alas, but the body count usually must be worryingly high before the "hmm, well, maybe we should do something?" thing kicks into gear. Daylight unescorted bomber raids, for example, or a space shuttle departing itself most awkwardly, usually after the attrit rate is already out the barn door and up and over the third ridge is action taken. Fixes may also require a change of thinking, which may be awkward for some, especially where reputations are involved, or piles of Mammon so high that a Jesus himself would throw his back trying to turn those tables at Wall-street. The engineering on the space shuttle was near perfect, right? And then you need ongoing vigilance soas to help slow down the rate of repeats where, spoilers, o-rings were again involved in the almost-disaster that was the Starliner. Squick-worthy adtech? Meh, hasn't gotten enough killed. Yet.
would search for the L tag in the ls(1) man page, or there's
man -akO tag Ic=ulimit
to find whatever the ulimit thing is or for an even more general search a small wrapper along the lines of
#!/bin/sh
man -akO tag="$1" any="$1"
may help, unless you are not on OpenBSD, in which case you may wish for the droolsauce and energy waste that is AI because the documentation on your OS is probably some sort of evolving train wreck (man pages -> gun info -> README from 2003 -> web pages, increasingly bloated and behind the iron curtain of javascript -> ??? -> Singularity! Three hails for our Saint Kurzweil!!). Back when I supported Linux I might just run strace on the process because who knew if there was documentation (maybe?) or if it was accurate (sometimes?) and
function info { /usr/bin/info "$@" 2>/dev/null | $PAGER; }
is at least a ksh function for making info somewhat less terrible.
Such as the base OpenBSD vi, which only supports a single-level undo, which I am using at this moment (and still learning how to use, after a few decades). vim got curb-canned a while ago due to various "that's nice, but how do I turn it off?" additions, in addition to having more code in header files than vi has in total. vi meanwhile is pretty bloated though has ex filters which are a huge step up from the standard editor. Multi-level undo? Don't really need it.
According to Nix v. Hedden, 149 U.S. 304 (1893) a tomato is a vegetable, so the riourous may need to account for that in the appropriate jurisdictions, especially if tarrifs are on the line, or at least to rember to have bigger lawyers than the competition. Also a carrot is a fruit (in EU, for purposes of jam classification), "I can't believe that superhero doll is not a doll", etc.
King Louis XIV lost a bunch of his land to astronomers able to more accurately measure said land. This is the sort of thing that can happen when you want to turn your country into a world leader in science.
A confused user once stopped by, they had a blank terminal, so I showed them how to select all which revealed the helpfully black on black text. These days I compile colour support out of st, or set *colorMode:false for xterm. "But you can customize the colours" is a typical response, to which one might respond that one has grown weary of pushing that particular rock, and moreover one may be busy with other things at a drag-out monitor in a server room at three in the morning that has helpfully dark blue text on a black console, or worse if some high-minded expert has gone and rubbed the backside of a unicorn everywhere so that they may improve the "legibility".
And of course XML libraries haven't had any security issues (oh look CVE-2025-49796) and certainly would not need to make random network requests for a DTD of "reasonable" complexity. I also dropped XML, and that's after having a website that used XML, XSLT rendering to different output forms, etc. There were discussions at the time (early to mid 2000s) of moving all the config files on unix over to XML. Various softwares probably have the scars of that era and therefore an XML dependency and is that an embiggened attack surface? Also namespaces are super annoying, pretty sure I documented the ughsauce necessary to deal with them somewhere. Thankfully, crickets serenade the faint cries of "Bueller".
The contrast with only JSON is far too simplistic; XML got dropped from places where JSON is uninvolved, like why use a relational database when you can have an XML database??? Or those config files on unix are for the most part still not-XML and not-JSON. Or there's various flavors of markdown which do not give you the semi-mythical semantic web but can be banged out easily enough in vi or whatever and don't require schemas and validation or libraries with far too many security problems and I wouldn't write my documentation (these days) using S-expressions anyhow.
This being said there probably are places where something that validates strictly is optimal, maybe financial transactions (EDIFACT and XML are different hells, I guess), at least until some cheeky git points out that data can be leaked by encoding with tabs and spaces between the elements. Hopefully your fancy and expensive XML security layer normalizes or removes that whitespace?
When was that? My introduction to Excel was in the 1990s when a scientist asked about data corruption, and my response was "oh, yeah, Excel does that, you need to fiddle with these options and hope the options do not get turned off, seeing as companies may randomly screw over user preferences". The look in their eyes...they probably had done a whole bunch of data entry before they even noticed the corruption. Anyways, a few decades later those genomes got renamed, for some reason or another. Other customers came to me and pleaded, please do not install Word 6, it's bad, and I was like, well, be that as it may, but Microsoft has broken the file format, again, so if someone sends you a Word 6 document you will not be able to read it. They've got you over the barrel, perhaps consider not using their software? Unless you like being chained to that main-mast, of course, don't shame the kink! Later on a coworker said, try Visio, and I was like, this is sort of bad, and they were like, yeah, it was better before Microsoft bought it. So, when was Microsoft not producing kusogeware? Sometime during the semi-mythical 80s, perhaps?
reply